[OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)--(RESOLVED PARTIALLY)

> Hi
>
> I downloaded the new version yesterday...But it didn't solve my
> problem ..rather complicated it....I was not able to log in to my
> application through any user id and password that I created.. The user
> ids were provided with sufficient security permissions....and the
> error message was "password incorrect". though I found out the
> password existed in the userLogin entity with the corrosponding
> userLoginId...
>
> Regarding the older version(5021) I found out the cause of my
> problem....I was using the logout event  of Ofbiz.....The logout
> eventually calls the LogoutWorker..which while logging out extracts
> the userLogin information from session and updates the userLogin
> entity with the hasLogged out field information.....And hence though
> the password was changed in the entity(UserLogin) it again got updated
> with the older password.This is becuse the UserLogin information in
> session had the older password. This seems to be a bug because the
> entire information should not be updated and only the hasLoggedOut
> field should be updated. Otherwise no logged in user could change his
> password. Precisely , he can change but it reverts back while logging
> out. However I used the <befor logout> tag to invoke an event which
> updates the session with the new UserLogin information. the
> changePassword feature in my case was implemented using a service and
> so I could not update the session with the new userLogin while
> changing password.....
>
> However I shall be obliged if you look into the behaviour of new Ofbiz
>  that I noticed and get back to me......Its very urgent for Ofbiz
> users like us
> Thanx
> Souvik
>
> On 10/18/05, David E. Jones <[hidden email]> wrote:
>
>>
>> Based on this I couldn't really say what is going wrong. If you are
>> using an older version of OFBiz you might be running into a cache
>> problem, but I'm not aware of anything like this that is an
>> outstanding issue right now.
>>
>> If you can reproduce the problem in the current code base let me know
>> what you did to make it happen and I'll look into it...
>>
>> -David
>>
>>
>> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>>
>>
>>> Hi all,
>>> I have built an application using the Ofbiz framework and has made
>>> full use of the Security system..I am using the framework provided
>>> login and logout services
>>> In my application there is a customer side and an admin side....
>>> I have provided the customer with a feature to change password after
>>> logging in. In that case I find that though the new password is
>>> updated in the Userlogin entity its not effecting the
>>> application...Whil;e trying to log in with his new password the
>>> customer is getting error of Incorrecvt password. But he is able to
>>> log in with his old password. The strangest thing is that the
>>> Userlogin entity has the new password and not the old one......is  
>>> the
>>> password also stored some where else....I have not used any
>>> encryption....
>>> there are more strange observations .......
>>> When the admin tries to change the customers password the change is
>>> effected if the user is not logged in at that moment...Even if he is
>>> logged in he the UserLo0gin entity gets updated with new password  
>>> but
>>> it does not effect the customer's security settings. I mean later  
>>> when
>>> the customer tries to log in with his new password he fails but is
>>> allowed the same with his old password.....
>>> But when an admin changes the password of a customer who in not  
>>> logged
>>> in the change effects his security settings...The behaviour is as
>>> expected...He can log in with his new password and not the old......
>>> If I provide the customer with a feature that he canchange his
>>> password without logging in( where he has to provide his userloginId
>>> also) the behaviousr is as expected.....He can log in with his new
>>> password and not his old one......
>>>
>>> FYI I am using a minilang(simple) service to change the password and
>>> update the UserLogin entity....It uses the "store" tag of minilang
>>>
>>> Can someone please explain this wierd behaviour and its  
>>> remedy.....any
>>> suggerstion will be of gr8 help and I shall be highly obliged
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/users
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

> Can You please tell me where and how to file the BUG report?
>
> On 10/20/05, David E. Jones <[hidden email]> wrote:
>
>>
>> Could you file a bug report for this?
>>
>> -David
>>
>>
>> On Oct 20, 2005, at 8:10 AM, Souvik Saha Bhowmik wrote:
>>
>>
>>> Hi
>>>
>>> I downloaded the new version yesterday...But it didn't solve my
>>> problem ..rather complicated it....I was not able to log in to my
>>> application through any user id and password that I created.. The  
>>> user
>>> ids were provided with sufficient security permissions....and the
>>> error message was "password incorrect". though I found out the
>>> password existed in the userLogin entity with the corrosponding
>>> userLoginId...
>>>
>>> Regarding the older version(5021) I found out the cause of my
>>> problem....I was using the logout event  of Ofbiz.....The logout
>>> eventually calls the LogoutWorker..which while logging out extracts
>>> the userLogin information from session and updates the userLogin
>>> entity with the hasLogged out field information.....And hence though
>>> the password was changed in the entity(UserLogin) it again got  
>>> updated
>>> with the older password.This is becuse the UserLogin information in
>>> session had the older password. This seems to be a bug because the
>>> entire information should not be updated and only the hasLoggedOut
>>> field should be updated. Otherwise no logged in user could change  
>>> his
>>> password. Precisely , he can change but it reverts back while  
>>> logging
>>> out. However I used the <befor logout> tag to invoke an event which
>>> updates the session with the new UserLogin information. the
>>> changePassword feature in my case was implemented using a service  
>>> and
>>> so I could not update the session with the new userLogin while
>>> changing password.....
>>>
>>> However I shall be obliged if you look into the behaviour of new  
>>> Ofbiz
>>>  that I noticed and get back to me......Its very urgent for Ofbiz
>>> users like us
>>> Thanx
>>> Souvik
>>>
>>> On 10/18/05, David E. Jones <[hidden email]> wrote:
>>>
>>>
>>>>
>>>> Based on this I couldn't really say what is going wrong. If you are
>>>> using an older version of OFBiz you might be running into a cache
>>>> problem, but I'm not aware of anything like this that is an
>>>> outstanding issue right now.
>>>>
>>>> If you can reproduce the problem in the current code base let me  
>>>> know
>>>> what you did to make it happen and I'll look into it...
>>>>
>>>> -David
>>>>
>>>>
>>>> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>>>>
>>>>
>>>>
>>>>> Hi all,
>>>>> I have built an application using the Ofbiz framework and has made
>>>>> full use of the Security system..I am using the framework provided
>>>>> login and logout services
>>>>> In my application there is a customer side and an admin side....
>>>>> I have provided the customer with a feature to change password  
>>>>> after
>>>>> logging in. In that case I find that though the new password is
>>>>> updated in the Userlogin entity its not effecting the
>>>>> application...Whil;e trying to log in with his new password the
>>>>> customer is getting error of Incorrecvt password. But he is  
>>>>> able to
>>>>> log in with his old password. The strangest thing is that the
>>>>> Userlogin entity has the new password and not the old one......is
>>>>> the
>>>>> password also stored some where else....I have not used any
>>>>> encryption....
>>>>> there are more strange observations .......
>>>>> When the admin tries to change the customers password the  
>>>>> change is
>>>>> effected if the user is not logged in at that moment...Even if  
>>>>> he is
>>>>> logged in he the UserLo0gin entity gets updated with new password
>>>>> but
>>>>> it does not effect the customer's security settings. I mean later
>>>>> when
>>>>> the customer tries to log in with his new password he fails but is
>>>>> allowed the same with his old password.....
>>>>> But when an admin changes the password of a customer who in not
>>>>> logged
>>>>> in the change effects his security settings...The behaviour is as
>>>>> expected...He can log in with his new password and not the  
>>>>> old......
>>>>> If I provide the customer with a feature that he canchange his
>>>>> password without logging in( where he has to provide his  
>>>>> userloginId
>>>>> also) the behaviousr is as expected.....He can log in with his new
>>>>> password and not his old one......
>>>>>
>>>>> FYI I am using a minilang(simple) service to change the  
>>>>> password and
>>>>> update the UserLogin entity....It uses the "store" tag of minilang
>>>>>
>>>>> Can someone please explain this wierd behaviour and its
>>>>> remedy.....any
>>>>> suggerstion will be of gr8 help and I shall be highly obliged
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> [hidden email]
>>>>> http://lists.ofbiz.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> [hidden email]
>>>> http://lists.ofbiz.org/mailman/listinfo/users
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/users
>>>
>>>
>>
>>
>>
>>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

> Can anyone tell me how well the entity sync stuff works from version
> 3.0.
>
> I would like to use this, but don't have the budget from the client to
> upgrade to a more recent version.
>
> Thanks in advance.
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

> David,
>
> The idea is to use a view to translate one local entity to a more
> standard remote entity.
>
> This seems a really good solution to the problem rather than messing
> around with XSL or similar.
>
> Perhaps I'll hack this for my own use :-)
>
> It might be nice to have some kind of translation view specifically  
> for
> this task. (view-type="translation")
>
> What do you think? am I barking up the wrong tree? (Is that an
> expression that translates across the pond?)
>
> Kind Regards
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>